mySQL with special chars

[roeyhaim]

Hello everyone,

how i can insert to the db string that include "$_GET['id']", and i need this as is.

in the table i need to see the string $_GET['id'] and not the value.

 

any ideas ?

[simshaun]

INSERT INTO sometable SET somefield = "$_GET['id']"

Why do you need "$_GET['id']" in the database?

[Rifts]

dont do it this way you are completely open to injections

 

please do this

 

$id = $_GET['id'];
$id= stripslashes($id);
$id= mysql_real_escape_string($id);

(" INSERT INTO sometable SET somefield = '$id' ")

[simshaun]

INSERT INTO sometable SET somefield = "$_GET['id']"

That is not open to injection, because its not actually retrieving the value of $_GET['id'].  Based on my interpretation of the author's wording, that's how he wants it.

[kenrbnsn]

If the OP wants the string "$_GET['id']" to be stored in the DB, this should be used:

<?php
$str = mysql_real_escape_string("$_GET['id']");
$q = "insert into tbl_name set yourfield = '" . $str . "'";
$rs = mysql_query($q) or die("Problem with the query: $q<br>" . mysql_error());
?>

 

Ken

[ManiacDan]

The OP has made it clear that he actually wants THE STRING "$_GET['id']" in his database, NOT the value of that variable.

 

mysql_query("INSERT INTO someTable (somefield) VALUES ('\$_GET['id']')");

This is silly, but it gets what the OP has asked.

 

-Dan

[kenrbnsn]

My solution has an error. This line:

<?php
$str = mysql_real_escape_string("$_GET['id']");
?>

should be

<?php
$str = mysql_real_escape_string("\$_GET['id']");
?>

 

That's what I get for posting when I should be asleep ...

 

Ken

[roeyhaim]

thank you all for your help   

 

its work perfectly